Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • DevOps
  • Developer Tools

Developer Tools

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    3 Jun 2026 DevOps
    Kubernetes: Man-in-the-Middle (MitM) via LoadBalancer or ExternalIPs

    In Kubernetes (all versions) a medium severity vulnerability CVE-2020-8554 was detected. This vulnerability allows an attacker to intercept traffic intended for specific IP addresses, resulting in a Man-in-the-Middle (MitM) attack. This occurs because the Kubernetes API server allows users who can create a ClusterIP service to freely set the spec.externalIPs field. Additionally, an attacker with privileged access to patch the status of a LoadBalancer service can set the status.loadBalancer.ingress.ip field to achieve a similar effect. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-8554.

    Read more
    Developer Tools
    3 Jun 2026 DevOps
    Portainer Community Edition: Information Disclosure via Missing Authorization in Custom Templates

    In Portainer Community Edition versions 2.33.0 to before 2.33.8 and 2.39.1 a medium severity vulnerability CVE-2026-44884 was detected. This vulnerability allows any authenticated user to read the file content of any custom template, potentially exposing sensitive environment-specific values such as connection strings, API tokens, or registry credentials. This occurs due to missing authorization checks in the Custom Template file endpoint (GET /api/custom_templates/{id}/file), enabling users to bypass Resource Control access restrictions by enumerating sequential integer IDs. To address this issue, users should upgrade Portainer Community Edition to versions 2.33.8 or 2.39.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44884.

    Read more
    Developer Tools
    2 Jun 2026 DevOps
    GitLab EE: Authorization Bypass Through User-Controlled Key in Duo AI Workflows

    In GitLab EE versions 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 a high severity vulnerability CVE-2026-4868 was detected. This vulnerability allows an authenticated user to cause specific Duo AI workflows to run under another user’s identity. This occurs due to an authorization bypass caused by improper user identity resolution when triggering Duo AI workflow runners. To address this issue, users should upgrade GitLab EE to versions 18.10.7, 18.11.4, or 19.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4868.

    Read more
    Developer Tools
    2 Jun 2026 DevOps
    Portainer Community Edition: Arbitrary File Read via Git Symlink Injection

    In Portainer Community Edition versions 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0 a high severity vulnerability CVE-2026-44881 was detected. This vulnerability allows an authenticated user with rights to create or update a Git-backed stack to read arbitrary files on the host filesystem that are accessible to the Portainer process. This occurs because Portainer clones Git repositories using a library that translates symlink entries into real OS symlinks without adequate validation. When the stack entry point (such as docker-compose.yml) is a symlink pointing to an arbitrary path, the API endpoint reading this file transparently follows the symlink and returns the target file’s contents in the HTTP response. To address this issue, users should upgrade Portainer Community Edition to versions 2.33.8, 2.39.2, or 2.41.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44881.

    Read more
    Developer Tools
    1 Jun 2026 DevOps
    GitLab CE/EE: Unauthorized Access via Blocked Project Access Token

    In GitLab CE/EE versions 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 a medium severity vulnerability CVE-2026-9807 was detected. This vulnerability allows an attacker using a blocked Project Access Token to continue accessing private resources. This occurs due to incorrect authorization enforcement within the application under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 18.10.7, 18.11.4, or 19.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-9807.

    Read more
    Developer Tools
    1 Jun 2026 DevOps
    Portainer Community Edition: Credential Leakage via JWT in URL Query Parameter

    In Portainer Community Edition versions 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0 a high severity vulnerability CVE-2026-44883 was detected. This vulnerability allows an attacker to obtain full user privileges by harvesting leaked authentication tokens. This occurs because the authentication middleware accepts JWT bearer tokens passed as the “?token=<JWT>” URL query parameter on any authenticated API endpoint. Consequently, these sensitive tokens can be exposed in reverse-proxy access logs, browser history, or HTTP Referer headers. To address this issue, users should upgrade Portainer Community Edition to versions 2.33.8, 2.39.2, or 2.41.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44883.

    Read more
    Developer Tools
    29 May 2026 DevOps
    GitLab CE/EE: Private Project Enumeration via Incorrect Authoriza

    In GitLab CE/EE versions 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 a medium severity vulnerability CVE-2026-6713 was detected. This vulnerability allows an unauthorized user to enumerate private projects under certain conditions. This occurs due to incorrect authorization checks within the application. To address this issue, users should upgrade GitLab CE/EE to versions 18.10.7, 18.11.4, or 19.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-6713.

    Read more
    Developer Tools
    28 May 2026 DevOps
    GitLab CE/EE: CI Data Exposure via Incorrectly-Resolved Name or Reference

    In GitLab CE/EE versions 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 a medium severity vulnerability CVE-2026-8716 was detected. This vulnerability allows an authenticated user to access CI data from a different ref type than intended under certain conditions. This occurs due to the use of an incorrectly-resolved name or reference within the application. To address this issue, users should upgrade GitLab CE/EE to versions 18.10.7, 18.11.4, or 19.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-8716.

    Read more
    Developer Tools
    26 May 2026 DevOps
    Plane: Sensitive Information Disclosure via ORM Field Reference Injection

    In Plane versions 1.3.0 and below a medium severity vulnerability CVE-2026-40102 was detected. This vulnerability allows an authenticated workspace member to extract sensitive data, including bcrypt password hashes, API tokens, and user email addresses. This occurs due to an Object-Relational Mapping (ORM) Field Reference Injection flaw in the SavedAnalyticEndpoint, where the user-controlled “segment” query parameter is passed directly to a Django F() expression without validation. By crafting a specific segment value, an attacker can traverse foreign-key relationships (e.g., workspace__owner__password) and have the referenced field values returned directly in the JSON response. To address this issue, users should upgrade Plane to version 1.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40102.

    Read more
    Developer Tools
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}